March 13, 2026

Apple hasn’t patch bug that leaked user data while using VPN: Report

August 19, 2022 0

Apple, earlier this week, released iOS 15.6.1 update on all supported iPhones. This update fixes two zero-day vulnerabilities, which the company knows has been exploited in the wild by hackers. While the first bug affects iOS’ kernel and it could give hackers complete access to the targeted iPhone, the second vulnerability could enable hackers to execute any code on the targeted device if the user open a maliciously website on Safari. While Apple has fixed both the bugs, there is another bug that has remained unpatched for almost two year.

Security researcher Michael Horowitz in a blog post has claimed that an unpatched vulnerability leads VPN apps on iOS not to fully route all network traffic through the VPN tunnel and leak sensitive user data. He also says that this vulnerability isn’t new. It was first disclosed to Apple by ProtonVPN back in 2020. Apple, however, hasn’t patched the vulnerability so far.

The security researcher says that at first, the VPN apps appear to work fine. “The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server. But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. Data leaves the iOS device outside of the VPN tunnel,” he wrote in a blog post.

This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers,” he added.

For the unversed, once users switch to a VPN connection a ‘tunnel’ is established and all data coming and going from the VPN-connected device is supposed to go through the VPN. However, owning to bug in Apple’s mobile OS, some of the data is leaked outside that tunnel.

Proton VPN that first discovered this bug dubbed as ‘VPN bypass vulnerability’, says that this bug could result in users’ data being exposed if the affected connections are not encrypted themselves. “The more common problem is IP leaks. An attacker could see the users’ IP address and the IP address of the servers they’re connecting to. Additionally, the server you connect to would be able to see your true IP address rather than that of the VPN server,” the company wrote in the blog post.

What is concerning is that even the the vulnerability remains unpatched even in the latest version of Apple’s mobile operating system, that is, iOS 15.6.

The researcher says that he has notified Apple about this bug and that the company hasn’t responded on the matter yet.

The post Apple hasn’t patch bug that leaked user data while using VPN: Report appeared first on BGR India.

You may have missed

Renault Duster-Based 7-Seat SUV Spied Testing In India Ahead Of 2027 Launch

Renault Duster-Based 7-Seat SUV Spied Testing In India Ahead Of 2027 Launch

March 13, 2026 0
BMW M2 CS Comes To India; 530bhp, RWD, But Available In Limited Numbers

BMW M2 CS Comes To India; 530bhp, RWD, But Available In Limited Numbers

March 13, 2026 0
New Audi A6 Long-Wheelbase Makes Global Debut; Wheelbase Stretched By Over 130 mm

New Audi A6 Long-Wheelbase Makes Global Debut; Wheelbase Stretched By Over 130 mm

March 13, 2026 0
Apple to Cut App Store Developer Fees in China From March 15

Apple to Cut App Store Developer Fees in China From March 15

March 13, 2026 0

iQOO Z11x 5G First Impressions

March 13, 2026 0